[Opendnssec-user] Different TTL used in full and partial audit.

Göran Bengtson goeran at chalmers.se
Wed Jan 11 09:52:29 UTC 2012

The call to key_tracker.process_key_data have different parameters
in auditor.rb and partial_auditor.rb. If I remember correct, there was
a bug-fix that corrected the TTL used to verify key usage/state-
transitions. Howver, I don't think the fix made it info the partial

In the 1.3-branch:

fgrep process_key_data  auditor/lib/kasp_auditor/*auditor.rb
auditor/lib/kasp_auditor/auditor.rb:        @key_tracker.process_key_data(@keys, @keys_used, @soa.serial, @config.keys.ttl)
auditor/lib/kasp_auditor/partial_auditor.rb:      @key_tracker.process_key_data(@keys, @keys_used, @soa.serial, @config.soa.ttl)

The partial auditor still use the SOA TTL, not the DNSKEY TTL.

 			/ Göran Bengtson
 			  Chalmers Univ. of Technology

More information about the Opendnssec-user mailing list